
Enterprise Mission Assurance Support Servic 

The DOD recommended tool for information system assessment and authorization. 


Overview 

eMASS is a Web-based government off-the-shelf (GOTS) solution that automates a broad range of services for 
comprehensive, fully integrated cybersecurity management, including controls scorecard measurement, dashboard 
reporting, and the generation of a Risk Management Framework (RMF) for Department of Defense (DOD) Information 
Technology (IT) and DOD Information Assurance Certification and Accreditation Process (DIACAP) package reports. 
eMASS provides an integrated suite of authorization capabilities and prevents cyber attacks by establishing strict process 
control mechanisms for obtaining authority to connect information systems to DOD networks. 


Capabilities 

• Automated report generation, including all required DIACAP, RMF, 
and applicable Federal Information Security Management Act 
(FISMA) reports. 

• Enterprise level visibility of all authorization packages offering 
comprehensive organizational security postures. 

• Management of all cybersecurity compliance activities and automation 
of the workflow process from system registration through system 
decommissioning. 

• Maintenance of an enterprise baseline for security controls, which is 
stored in the eMASS repository and updated with industry standards. 

• Fully automated inheritance allows systems to inherit security control 
statuses, artifacts, test results, and view system security postures 
from other combatant commanders/services/agencies (CC/S/A) or 
systems. 

• Asset Manager allows eMASS to consume outputs from external 
vendor scanning tools and map results to information systems. 

• Allows product teams, testers, and security control assessors to 
effectively collaborate and execute security assessments from 
geographically dispersed locations with Integrated Project Teams. 


Quick Facts 


• Sponsors: DISA jointly with DOD CIO. 

• Established at over 35 CC/S/As. 

• Supports 22,000+ user accounts. 

• Seamlessly integrates with enterprise 
web-enabled security assessment tools. 


eMASS Training 


Instructor-led classroom training is 
offered throughout the year in Arlington, 
Virginia, at no cost. 

Upcoming sessions: 

March 23-24 May 18-19 

April 20-21 June 22-23 

To register for an instructor-led eMASS 
course or to complete a two-hour online 
training, go to http://qo.usa.gov/cVfWG 

(PKI-enabled). 
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workforce through its control- 
requirements wizard, intuitive user 
interface, linear workflows, integrated 
computer-based training capability, and 
auto generation of all security compliance 
package reports... so that more time can 
be spent securing the network and not 
interpreting the policy. 

Through improved cyber situational 
awareness, eMASS enables managers to 
readily identify vulnerabilities and make 
decisions concerning cybersecurity 
resources and program needs. Through 
its central management and governance 
of an enterprise’s cyber policy, eMASS 
promotes speedy delivery of policy 
changes and dramatically improves the 
cycle time to effect these changes 
directly through to individual teams. 
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Customize Approval Workflow 


Manage and Track 
Security Control Compliance 

0 Store security control test results 
(vf Update automatically based 
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Import Results 
from Asset 
Scanning Tools 


eMASS Provides Customers with Unmatched Benefits 

• Automates customizable workflow for managing essential security functions at 
the enterprise level down to system control activities. 

• Supports reciprocity by providing a common operating picture and a simplified 
enterprise architecture environment to facilitate information exchange and 
dynamic connection decisions. 

• Speeds delivery of systems supporting critical enterprise infrastructure, the 
warfighter, and other protective services entities by streamlining the RMF 
assessment, authorization, and connection approval processes. 

• Enables enterprise reporting and efficiencies through automatic generation of 
all required security compliance package reports, seamless integration with 
security scanning tools, and robust custom reporting capabilities. 



• Eliminates variable costs such as vendor licensing fees, paid software updates, 
and escalating operations and maintenance costs. 

• Centralizes management of cybersecurity activities and offers system security 
practitioners the flexibility to manage artifacts, establish and monitor inheritance 
relationships, and collaborate on security compliance development. 

• Rapid response to requests to deploy new RMF policy enhancements 
(overlays and assess only process). 



eMASS is Provided by DISA and Recommended by the 
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DISA manages: 

• Hosting and maintenance. 

• Enterprise help desk. 

• Continuity of operations (COOP). 


• Monthly training sessions. 

• Semi-annual updates/releases. 

• Computer-based training. 
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